CRITICAL 10.0 PyPI
PYSEC-2026-33 · CVE-2026-26216, GHSA-5882-5rx9-xgxp Modified: 5/20/2026
package
PyPI / crawl4ai
pkg:pypi/crawl4ai
HIGH 7.5 PyPI
PYSEC-2026-34 · CVE-2026-26217, GHSA-vx9w-5cx4-9796 Modified: 5/20/2026
CRITICAL 9.8 PyPI
GHSA-365w-hqf6-vxfg Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
Modified: 6/16/2026
MEDIUM PyPI
GHSA-445m-27cf-gr3x · CVE-2025-28197 Crawl4AI SSRF vulnerability
Modified: 4/21/2025
HIGH 7.5 PyPI
GHSA-4qqr-vv2q-cmr5 · CVE-2026-53754 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Modified: 6/16/2026
CRITICAL PyPI
GHSA-5882-5rx9-xgxp · CVE-2026-26216, PYSEC-2026-33 Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
Modified: 6/5/2026
HIGH 8.6 PyPI
GHSA-6qhc-x826-342c · CVE-2026-53755 Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
Modified: 6/16/2026
HIGH 8.1 PyPI
GHSA-7cx2-g3h9-382p Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
Modified: 6/16/2026
HIGH 8.2 PyPI
GHSA-f989-c77f-r2cq Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution
Modified: 6/16/2026
CRITICAL 9.8 PyPI
GHSA-qxjp-w3pj-48m7 · CVE-2026-53753 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Modified: 6/16/2026
HIGH 8.6 PyPI
GHSA-vx9w-5cx4-9796 · CVE-2026-26217, PYSEC-2026-34 Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
Modified: 6/5/2026